[arch-dev-public] Keyring package for real

Pierre Schmitz pierre at archlinux.de
Sat Apr 7 14:25:44 EDT 2012


Hi all,

with pacman 4.0.3 in [testing] and as all repos are now completely
signed we should have everything we need to finalize the keyring
package. The archlinux-keyring package in [testing] should update your
pacman keyring or ask you to initialize it first. It will then ask you
for each master key to confirm it's trust.

What is left to do?
* Maybe have pacman depend on archlinux.keyring
* Set "SigLevel = Required" for all our repos in our default
pacman.conf
* Write a news item which describes the steps how to setup your pacman
keyring (entropy problem should be covered) and how to install our
keyring package
* Think about if we should advice to start with a new keyring for those
who already had used "SigLevel = TrustedOnly" and therefor imported and
trusted individual keys. E.g. what happens if we revoke just a key etc..

PS: If you like to test several scenarios you can simply move
/etc/pacman.d/gnupg.

Greetings,

Pierre

-- 
Pierre Schmitz, https://pierre-schmitz.com


More information about the arch-dev-public mailing list